Hi there, can anyone help??

My friends told me they had a problem with their computer (it was running slow etc) so I went to have a look at it the other day.

First suprise was that they had no virus protection at all, and I saw a Limewire icon on the desktop so reconed it was probably a virus.

I downloaded Avast and it asked if I wanted to do a scan on the reboot so I said OK.

The Scan started and it found a trojan in one of the sys32 files - so rather than do anything with it as I didn;t know what it was and wanted to do some research before choosing a moving/cleaning/deleting option I chose to exit. (I stupidly didn;t write down what and where it was as I thought I’d be able to view it again when I did another scan later :-[).

When the system restarted there was a message that one of the system files had been damaged but the system had used a backup or registry copy to launch.

Windows starts OK - but then when I select a profile all that launches is the desktop background, but no icons or menu items.

I restarted and tried to launch in safe mode to see if I could get to the restore options - but it won’t start in safe mode - just gives me a black screen with white writing showing file paths.

I’ve asked them if they have the disks that came with the computer - as I was thinking perhaps I could choose to boot from the CD to at least try and get their files copied off the computer.

Is this the right thing for me to do? I’m a bit scared it might go into an auto format and wipe everything (don;t even know if that exists but thats what I’m scared of).

Any advice would be gratefully received!

Thanks

Do you have the Windows CD/DVD? Can you start it and try to repair your Windows installation?

Thats what I’m hoping - there is no risk of the system being wiped without me specifically requesting it if I use the CD is there??
???

It is a common tactic to place malware in the system folders, to make you think twice (seems to have worked ;D but right not to act in haste) it is also common to call the file the same as a system file but place it in a different system folder.

What is the malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

What was the message and file name (on boot) which was stated as damaged ?

Well, this possibility is there, but you have to manually chose it.
Maybe you could run:
sfc /scannow
and have the CD on hand to repair your installation withing windows.
If you can’t boot, you can use the CD to overinstall Windows.
Overinstallation can solve the problem and you won’t lose your programs, settings, data, files, etc.
Just choose ‘Repair’ installation of Windows and install ‘over’ the old installation.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314058
http://www.webtree.ca/windowsxp/repair_xp.htm